From 6c6baa8787b5fa092db801ab15584617f6e78233 Mon Sep 17 00:00:00 2001
From: Markus Klein <markus.klein@typo3.org>
Date: Fri, 13 Mar 2020 20:52:25 +0100
Subject: [PATCH] [BUGFIX] Handle docroot-relative paths in ResourceCompressor
Resolves: #89124
Resolves: #90689
Resolves: #88184
Releases: master, 9.5
Change-Id: I41b6c9d73346974cffb029551be5f987f9a09a79
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63714
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Susanne Moog <look@susi.dev>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Susanne Moog <look@susi.dev>
Reviewed-by: Andreas Fernandez <a.fernandez@scripting-base.de>
Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de>
Reviewed-by: Benni Mack <benni@typo3.org>
---
.../Classes/Resource/ResourceCompressor.php | 7 ++-
.../Unit/Resource/ResourceCompressorTest.php | 63 ++++++++++++++++++-
2 files changed, 66 insertions(+), 4 deletions(-)
diff --git a/typo3/sysext/core/Classes/Resource/ResourceCompressor.php b/typo3/sysext/core/Classes/Resource/ResourceCompressor.php
index 6c3f4999bb34..6ab6d889d523 100644
--- a/typo3/sysext/core/Classes/Resource/ResourceCompressor.php
+++ b/typo3/sysext/core/Classes/Resource/ResourceCompressor.php
@@ -432,11 +432,12 @@ class ResourceCompressor
// if the file is an absolute reference within the docRoot
$absolutePath = $docRoot . '/' . $fileNameWithoutSlash;
- // if it is already an absolute path to the file
- if (PathUtility::isAbsolutePath($filename)) {
+ // If the $filename stems from a call to PathUtility::getAbsoluteWebPath() it has a leading slash,
+ // hence isAbsolutePath() results in true, which is obviously wrong. Check file existence to be sure.
+ // Calling is_file without @ for a path starting with '../' causes a PHP Warning when using open_basedir restriction
+ if (PathUtility::isAbsolutePath($filename) && @is_file($filename)) {
$absolutePath = $filename;
}
- // Calling is_file without @ for a path starting with '../' causes a PHP Warning when using open_basedir restriction
if (@is_file($absolutePath)) {
if (strpos($absolutePath, $this->rootPath) === 0) {
// the path is within the current root path, simply strip rootPath off
diff --git a/typo3/sysext/core/Tests/Unit/Resource/ResourceCompressorTest.php b/typo3/sysext/core/Tests/Unit/Resource/ResourceCompressorTest.php
index 6a0190048362..c01583e284a8 100644
--- a/typo3/sysext/core/Tests/Unit/Resource/ResourceCompressorTest.php
+++ b/typo3/sysext/core/Tests/Unit/Resource/ResourceCompressorTest.php
@@ -558,13 +558,23 @@ class ResourceCompressorTest extends BaseTestCase
'typo3temp/assets/compressed/.htaccess',
'../typo3temp/assets/compressed/.htaccess'
],
+ // Get filename using absolute path
+ [
+ Environment::getPublicPath() . '/typo3/sysext/core/Tests/Unit/Resource/ResourceCompressorTest/Fixtures/charset.css',
+ 'sysext/core/Tests/Unit/Resource/ResourceCompressorTest/Fixtures/charset.css'
+ ],
+ // Get filename using docroot relative path
+ [
+ '/typo3/sysext/core/Tests/Unit/Resource/ResourceCompressorTest/Fixtures/charset.css',
+ 'sysext/core/Tests/Unit/Resource/ResourceCompressorTest/Fixtures/charset.css'
+ ],
];
}
/**
* @test
* @dataProvider getFilenamesFromMainDirInBackendContextDataProvider
- * @param string $filename input that will be fired on the extension
+ * @param string $filename
* @param string $expected
*/
public function getFilenamesFromMainDirInBackendContext(string $filename, string $expected)
@@ -590,6 +600,57 @@ class ResourceCompressorTest extends BaseTestCase
self::assertSame($expected, $relativeToRootPath);
}
+ /**
+ * @return array
+ */
+ public function getFilenamesFromMainDirInBackendContextInSubfolderDataProvider(): array
+ {
+ $subfolderFake = basename(Environment::getPublicPath());
+ return [
+ // Get filename using absolute path
+ [
+ Environment::getPublicPath() . '/typo3/sysext/core/Tests/Unit/Resource/ResourceCompressorTest/Fixtures/charset.css',
+ 'sysext/core/Tests/Unit/Resource/ResourceCompressorTest/Fixtures/charset.css'
+ ],
+ // Get filename using docroot relative path
+ [
+ '/' . $subfolderFake . '/typo3/sysext/core/Tests/Unit/Resource/ResourceCompressorTest/Fixtures/charset.css',
+ 'sysext/core/Tests/Unit/Resource/ResourceCompressorTest/Fixtures/charset.css'
+ ],
+ ];
+ }
+
+ /**
+ * @test
+ * @dataProvider getFilenamesFromMainDirInBackendContextInSubfolderDataProvider
+ * @param string $filename
+ * @param string $expected
+ */
+ public function getFilenamesFromMainDirInBackendContextWithSubFolder(string $filename, string $expected): void
+ {
+ // getCurrentScript() called by PathUtility::getRelativePathTo() is usually something
+ // like '.../bin/phpunit' in testing context, but we want .../typo3/index.php as entry
+ // script point here to fake the backend call.
+ $bePath = Environment::getBackendPath();
+ $subfolderFake = basename(Environment::getPublicPath());
+ $_SERVER['ORIG_SCRIPT_NAME'] = '/' . $subfolderFake . '/typo3/index.php';
+ Environment::initialize(
+ Environment::getContext(),
+ true,
+ false,
+ Environment::getProjectPath(),
+ Environment::getPublicPath(),
+ Environment::getVarPath(),
+ Environment::getConfigPath(),
+ $bePath . '/index.php',
+ Environment::isWindows() ? 'WINDOWS' : 'UNIX'
+ );
+ $subject = $this->getAccessibleMock(ResourceCompressor::class, ['dummy']);
+ $subject->setRootPath($bePath . '/');
+ $relativeToRootPath = $subject->_call('getFilenameFromMainDir', $filename);
+ self::assertSame($expected, $relativeToRootPath);
+ }
+
/**
* @return array
*/
--
GitLab